A Patient Portal That Actually Gets Used
Secure messaging, digital intake forms, appointment history, and document sharing. Patients log in with a simple SMS code — no passwords to remember, no app to download.
What the Patient Portal Does
Everything your patients need, accessible from any device with zero friction
Secure Messaging
Encrypted patient-to-practice messaging. Patients ask questions, request refills, share updates — all HIPAA compliant. No email, no phone tag.
Digital Intake Forms
Patients complete forms before their visit on any device. Conditional logic, e-signatures, and auto-save. No more clipboards.
Appointment History
Patients view upcoming and past appointments, upcoming bookings, and visit summaries. Reduces "when is my appointment?" calls.
How It Works
Get your patient portal up and running in minutes, not months
Invite Patients
Send SMS invitations with a magic link. Patients access their portal instantly.
SMS OTP Login
No passwords. Patients verify with a one-time SMS code every time. Secure and frictionless.
Self-Service
Patients message your team, complete forms, view appointments, and access documents.
Staff Dashboard
Your team manages all patient communications from one unified inbox.
How the patient portal fits with your EHR
The MedSiteAI patient portal is not a replacement for your EHR — it's a patient-facing layer that sits in front of it. Patients log in by SMS one-time code, complete intake forms, message your team, view upcoming appointments, and download visit documents. Behind the scenes, those actions sync into the chart system you already use.
For the EHRs we have native integration with — Epic, Cerner, athenahealth, DrChrono, NextGen, eClinicalWorks, Allscripts, Greenway, Jane App, ChiroTouch, Open Dental, ACOM Health, ChiroFusion, and a growing list of others — bookings, intake answers, and uploaded documents land directly in the patient's chart. Your front desk does not double-enter anything. For systems we integrate via FHIR R4 or HL7, the same flows work with a slightly different sync cadence (typically 30-60 second push). For the small handful of legacy practice-management systems we don't integrate natively yet, the portal still works fully on the patient side; staff confirms the chart entry once during a single daily review window.
Importantly, the EHR remains the source of truth for clinical data. The portal mirrors what's relevant to the patient — appointments, balances, secure messages, intake forms, signed consent forms, after-visit summaries — but never holds the canonical clinical record. If you switch EHRs in the future, your portal stays. If you switch off MedSiteAI, your EHR keeps every record.
HIPAA, PHI handling, and the BAA
Every plan includes a Business Associate Agreement (BAA). Patient data is encrypted in transit with TLS 1.3 and at rest with AES-256. SMS one-time codes are short-lived and rate-limited per phone number. Secure messages are stored separately from public-facing site content and are audit-logged with timestamps, user IDs, and IP addresses for the full HIPAA-required retention period.
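One way to implement the short-lived, per-phone rate-limited one-time codes described above. This is an added example, not MedSiteAI's code; the class name, the 5-minute lifetime, the send window and the attempt cap are all assumptions.

```python
import hashlib, hmac, secrets, time

OTP_TTL = 300      # assumed: a code is valid for 5 minutes
MAX_SENDS = 3      # assumed: codes issued per phone per window
SEND_WINDOW = 900  # assumed: 15-minute rate-limit window
MAX_TRIES = 5      # assumed: wrong guesses before the code is burned

class OtpService:
    def __init__(self, clock=time.time):
        self.clock = clock
        self.sends = {}    # phone -> timestamps of recent issues
        self.pending = {}  # phone -> [salt, digest, expires_at, tries_left]

    @staticmethod
    def _digest(salt, code):
        return hashlib.sha256(salt + code.encode()).digest()

    def issue(self, phone):
        """Return a fresh 6-digit code, or None when the phone is rate-limited."""
        now = self.clock()
        recent = [t for t in self.sends.get(phone, []) if now - t < SEND_WINDOW]
        self.sends[phone] = recent
        if len(recent) >= MAX_SENDS:
            return None
        recent.append(now)
        code = f"{secrets.randbelow(10**6):06d}"  # CSPRNG, not random.randint
        salt = secrets.token_bytes(16)
        # Store only a salted hash; a new code replaces any earlier one.
        self.pending[phone] = [salt, self._digest(salt, code), now + OTP_TTL, MAX_TRIES]
        return code  # handed to the SMS gateway, never written to logs

    def verify(self, phone, code):
        entry = self.pending.get(phone)
        if entry is None:
            return False
        salt, digest, expires_at, tries_left = entry
        if self.clock() > expires_at or tries_left <= 0:
            del self.pending[phone]  # expired or guessed too often
            return False
        entry[3] -= 1  # count the attempt before comparing
        if hmac.compare_digest(digest, self._digest(salt, code)):
            del self.pending[phone]  # single use
            return True
        return False
```

The attempt cap matters as much as the send limit: a 6-digit code has only a million values, so unlimited guesses within the lifetime would defeat it.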
Document uploads (intake forms, insurance cards, ID photos, lab results) get short-lived signed URLs — by default 30 days — so the file URL expires even if it leaks. Staff access to patient PHI is gated by role-based permissions, and every read/write event is captured in the audit log with who-did-what-when. Account access from a new device requires a fresh SMS verification, and we support optional TOTP two-factor authentication for staff accounts on the admin side.
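A sketch of how an expiring signed document URL can be issued and checked, using the 30-day default stated above. This is an added example, not MedSiteAI's code; the HMAC-SHA256 scheme, the `expires`/`sig` parameter names, the function names and the sample path are assumptions.

```python
import base64, hashlib, hmac, time
from urllib.parse import parse_qs, urlencode, urlsplit

DEFAULT_TTL = 30 * 24 * 3600  # the page's stated default: 30 days

def _mac(key, path, expires):
    # Bind the signature to both the document path and the expiry time.
    msg = f"{path}\n{expires}".encode()
    raw = hmac.new(key, msg, hashlib.sha256).digest()
    return base64.urlsafe_b64encode(raw).rstrip(b"=")

def sign_url(key, path, now=None, ttl=DEFAULT_TTL):
    """Return path plus expiry and signature query parameters."""
    expires = int(time.time() if now is None else now) + ttl
    query = urlencode({"expires": expires, "sig": _mac(key, path, expires).decode()})
    return f"{path}?{query}"

def check_url(key, url, now=None):
    """True only for an untampered link that has not yet expired."""
    parts = urlsplit(url)
    params = parse_qs(parts.query)
    try:
        expires = int(params["expires"][0])
        sig = params["sig"][0].encode()
    except (KeyError, ValueError):
        return False  # missing or malformed parameters
    # Verify the MAC first, so the expiry value is trusted only once authenticated.
    if not hmac.compare_digest(sig, _mac(key, parts.path, expires)):
        return False
    return (time.time() if now is None else now) <= expires
```

A leaked link stays usable until `expires` passes, so revoking one earlier than that needs a server-side deny list or a key rotation in addition to the signature check.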
We do not use patient PHI to train AI models, and we do not sell or share data with third parties. The full BAA is signed before your portal goes live; you receive a countersigned PDF copy for your compliance file. SOC 2 Type II controls are mapped to HIPAA Security Rule safeguards.
What your practice still controls
The portal is the patient-facing surface; your team owns every clinical decision and every outbound message. You set business hours, intake-form questions, automated message templates, appointment policies, cancellation rules, late-fee handling, and what document categories patients can see. You decide whether messages go to a single shared inbox or fan out per provider. You decide whether the portal lets patients self-schedule new-patient visits or request only.
On the EHR side, your existing workflow doesn't change. Front desk continues to use Epic (or whatever your system is) the same way they always have. The portal is additive — it captures patient inputs and pushes them into the chart, then surfaces only what the patient should see. We never auto-respond on your behalf without your explicit template approval, and you can disable specific portal features per-clinic if multi-location practice rules differ.
Implementation timeline
First draft of the portal — branded to your practice, wired to your EHR, with sample patients loaded — typically lands in 48 hours. Most practices go live with real patients in 5-7 business days. The bottleneck is usually your team's schedule for a 30-minute kickoff call (intake question selection, message templates, hours, BAA sign-off) plus the EHR sandbox approval if you're on Epic, Cerner, or athenahealth.
For practices on systems where we don't have native integration yet, we can usually have a FHIR or HL7 bridge running within 10 business days. We don't bill the portal launch separately — it's included in your monthly plan with no setup fee.
Which pricing tier includes the portal
The patient portal is included on every MedSiteAI DFY plan, starting at the Growth tier ($149/mo). Higher tiers unlock additional capacity:
- Growth ($149/mo) — full portal, secure messaging, intake forms, document sharing, SMS one-time-code login, BAA included.
- Complete ($399/mo) — adds custom intake-form branching logic, automated message templates, and after-visit summary delivery.
- Ultimate ($499/mo) — adds multi-location portal partitions, dedicated account manager for portal config, and priority EHR sync support.
- Elite ($799/mo) — adds branded mobile app wrappers, custom workflow automations, and white-glove migration from existing portals (PatientPop, Doctible, Solv, etc.).
No tier upgrade is required to be HIPAA compliant — every plan is. Higher tiers add capacity and customization, not security.
Built for Healthcare
Every feature designed with patient privacy and ease of use in mind
SMS Magic Link Login
No passwords, no app downloads. Patients verify with a one-time SMS code and they're in. Secure and frictionless.
Encrypted Messaging
End-to-end encrypted patient-to-practice messaging. Fully HIPAA compliant with audit logging.
Digital Intake Forms
Conditional logic, e-signatures, and auto-save. Patients complete forms on any device before their visit.
Appointment Management
Patients view upcoming and past appointments, request new ones, and reschedule — all from their portal.
Document Sharing
Securely share lab results, post-visit instructions, consent forms, and other documents with patients.
Multi-Practice Support
Patients who see multiple providers can access all their portals from a single login. No separate accounts needed.
Compare: Patient Portal Options
Most portals charge per-provider or have low patient adoption. MedSiteAI solves both.
Other Patient Portals
- Klara: $250-500/mo, per-provider pricing, annual contract
- Spruce: $24-49/provider/mo, limited features on lower tiers
- Generic EHR portals: clunky UI, <20% patient adoption
- Password-based login = forgotten credentials = support burden
$250+/month typical
MedSiteAI Portal
RECOMMENDED
- Included in Practice plans ($149/mo+)
- Unlimited patients, no per-provider fees
- SMS login = 80%+ patient adoption
- Messaging, forms, appointments, documents
$149/mo — portal included
* All plans include a signed Business Associate Agreement (BAA) for HIPAA compliance.
Why Practices Love Our Patient Portal
80%+ patient adoption rate (SMS login removes friction)
Reduce inbound phone calls by 30%+
Eliminate paper intake forms and data entry
HIPAA compliant with signed BAA
Patients love the no-password experience
Works on any device — phone, tablet, computer
Frequently Asked Questions
How do patients log in without a password?
Patients receive an SMS with a magic link or one-time code. They tap the link and they're in. No password to create, remember, or reset. Secure and meets HIPAA requirements.
Is the messaging actually HIPAA compliant?
Yes. All messages are encrypted in transit and at rest. We provide a Business Associate Agreement (BAA) with qualifying plans. Patient communications are stored securely and access-controlled.
Can I customize the intake forms?
Absolutely. Build forms with text fields, dropdowns, checkboxes, date pickers, and conditional logic (show/hide questions based on answers). Include e-signature fields for consent forms.
Will patients actually use this?
Yes — that's the key differentiator. SMS-based login eliminates the #1 barrier to patient portal adoption (forgotten passwords). Practices using MedSiteAI see 80%+ adoption rates vs. industry average of 15-20%.
Can patients book appointments through the portal?
Yes. Patients can view available slots and request appointments directly from their portal. Requests are confirmed by your staff or auto-confirmed based on your settings.
How much does the patient portal cost?
The patient portal is included in Practice plans ($149/mo) and above. No per-patient fees, no per-message charges, unlimited intake forms.
Ready to Launch Your Patient Portal?
Start your free trial today. Your patients will love the no-password experience.